{
"Event" : {
"analysis" : "2" ,
"date" : "2016-05-19" ,
"extends_uuid" : "" ,
"info" : "OSINT - Dogspectus Ransomware Analysis" ,
"publish_timestamp" : "1464159582" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1464159454" ,
"uuid" : "574549b7-23c0-4bf3-9183-466b950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#006c6c" ,
"local" : "0" ,
"name" : "ecsirt:malicious-code=\"ransomware\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464158696" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "574549e8-c020-4a63-8146-4ce6950d210f" ,
"value" : "On April 25, 2016, Blue Coat published an article on a new Android Ransomware, called \"Dogspectus.\u201d On May 12, 2016, Dell SonicWALL published a separate report on the Android Lockscreen malware campaign with similar characteristics to Dogspectus. These similarities are not a coincidence. We began our own extensive investigation into this ransomware some time ago, and will share additional technical details of this malware here that have not been previously discussed."
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159269" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "57454c25-2ad4-4971-ab4b-4704950d210f" ,
"value" : "http://blog.fortinet.com/2016/05/19/dogspectus-ransomware-analysis"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159269" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "57454c25-a5a0-4029-af09-460d950d210f" ,
"value" : "https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=929"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159270" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "57454c26-e3d0-40d9-b77c-4f9d950d210f" ,
"value" : "https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159307" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "57454c4b-74b8-4e8b-955e-4053950d210f" ,
"value" : "http://workoutplaceface.com"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159307" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "57454c4b-db4c-4805-a8a8-482a950d210f" ,
"value" : "http://orlandroot.com"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159308" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "57454c4c-9f3c-4f7f-be50-4a7c950d210f" ,
"value" : "http://daflourstmichurins.com"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159308" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "57454c4c-d55c-4d66-afda-4bc2950d210f" ,
"value" : "http://mentosjolly.com"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159308" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "57454c4c-3fac-47e8-bd71-4be3950d210f" ,
"value" : "http://belkafruitcymus.com"
} ,
{
"category" : "Network activity" ,
"comment" : "C&C" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159309" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "57454c4d-1b10-4f2a-a911-4a37950d210f" ,
"value" : "http://wirtualcleens.com"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159321" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "57454c59-6b48-4c0a-b689-4355950d210f" ,
"value" : "197588be3e8ba5c779696d864121aff188901720dcda796759906c17473d46fe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "- Xchecked via VT: 197588be3e8ba5c779696d864121aff188901720dcda796759906c17473d46fe" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159454" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "57454cde-0adc-42d8-a2a1-404702de0b81" ,
"value" : "392e8b90431dfe55ca03e04a49fce1514d61638e"
} ,
{
"category" : "Payload delivery" ,
"comment" : "- Xchecked via VT: 197588be3e8ba5c779696d864121aff188901720dcda796759906c17473d46fe" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159454" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "57454cde-cbcc-402d-9057-4aaa02de0b81" ,
"value" : "e26710a4e499a797aab62fd0ad7ac19c"
} ,
{
"category" : "External analysis" ,
"comment" : "- Xchecked via VT: 197588be3e8ba5c779696d864121aff188901720dcda796759906c17473d46fe" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1464159455" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "57454cdf-db60-4831-8b49-452502de0b81" ,
"value" : "https://www.virustotal.com/file/197588be3e8ba5c779696d864121aff188901720dcda796759906c17473d46fe/analysis/1464158418/"
}
]
}
}